diff --git a/Dockerfile b/Dockerfile index e3b09b6..62d8668 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,18 @@ RUN apk add --no-cache bash \ php5-json \ php5-phar \ php5-soap \ - php5-dom && \ + php5-dom \ + python \ + python-dev \ + py-pip \ + augeas-dev \ + openssl-dev \ + ca-certificates \ + dialog \ + gcc \ + musl-dev \ + linux-headers \ + libffi-dev &&\ mkdir -p /etc/nginx && \ mkdir -p /var/www/app && \ mkdir -p /run/nginx && \ @@ -42,7 +53,11 @@ RUN apk add --no-cache bash \ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \ php -r "if (hash_file('SHA384', 'composer-setup.php') === '${composer_hash}') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \ php composer-setup.php --install-dir=/usr/bin --filename=composer && \ - php -r "unlink('composer-setup.php');" + php -r "unlink('composer-setup.php');" && \ + pip install -U certbot && \ + mkdir -p /etc/letsencrypt/webrootauth && \ + apk del gcc musl-dev linux-headers libffi-dev augeas-dev python-dev + ADD conf/supervisord.conf /etc/supervisord.conf @@ -85,8 +100,9 @@ find /etc/php5/conf.d/ -name "*.ini" -exec sed -i -re 's/^(\s*)#(.*)/\1;\2/g' {} ADD scripts/start.sh /start.sh ADD scripts/pull /usr/bin/pull ADD scripts/push /usr/bin/push -RUN chmod 755 /usr/bin/pull && chmod 755 /usr/bin/push -RUN chmod 755 /start.sh +ADD scripts/letsencrypt-setup /usr/bin/letsencrypt-setup +ADD scripts/letsencrypt-renew /usr/bin/letsencrypt-renew +RUN chmod 755 /usr/bin/pull && chmod 755 /usr/bin/push && chmod 755 /usr/bin/letsencrypt-setup && chmod 755 /usr/bin/letsencrypt-renew && chmod 755 /start.sh # copy in code ADD src/ /var/www/html/ diff --git a/scripts/letsencrypt-renew b/scripts/letsencrypt-renew new file mode 100755 index 0000000..3c07c1b --- /dev/null +++ b/scripts/letsencrypt-renew 
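Review bot: `pip install -U certbot` in the second hunk is unpinned, so each build installs whatever release PyPI serves at that moment; the image is not reproducible and a bad or tampered upload lands in it unreviewed. Pin the version, for example `pip install --no-cache-dir certbot==<PINNED_VERSION>`. The `apk del` line removes `gcc`, `musl-dev`, `linux-headers`, `libffi-dev`, `augeas-dev` and `python-dev` but leaves `openssl-dev`, added in the first hunk, in the final image; if it is only needed to build certbot's dependencies, add it to that list. The enclosing `RUN` instruction starts above the first hunk.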
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Lets Encrypt
+if [ -z "$DOMAIN" ]; then
+ echo "You need to have \$DOMAIN set"
+else
+ if [ -f /etc/letsencrypt/live/${DOMAIN}/fullchain.pem ]; then
+ cerbot renew
+ supervisorctl restart nginx
+ else
+ echo "There is no cert to renew"
+ fi
+fi
diff --git a/scripts/letsencrypt-setup b/scripts/letsencrypt-setup
new file mode 100755
index 0000000..892b9c4
--- /dev/null
+++ b/scripts/letsencrypt-setup
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Lets Encrypt
+if [ -z "$WEBROOT" ] || [ -z "$GIT_EMAIL" ] || [ -z "$DOMAIN" ]; then
+ echo "You need the \$WEBROOT, \$GIT_EMAIL and the \$DOMAIN Variables"
+else
+ certbot certonly --webroot -w $WEBROOT -d $DOMAIN --email $GIT_EMAIL --agree-tos
+ ln -s /etc/nginx/sites-available/default-ssl.conf /etc/nginx/sites-enabled/
+
+ sed -i "s/##DOMAIN##/${DOMAIN}/g" /etc/nginx/sites-enabled/default-ssl.conf
+
+ supervisorctl restart nginx
+
+fi
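Review bot: `cerbot renew` in scripts/letsencrypt-renew is a typo for `certbot renew`, so as written the renewal step fails with command-not-found and the certificate is never renewed. Nothing checks that step's exit status: `supervisorctl restart nginx` runs anyway and the script's status reflects only the restart, so a scheduler calling it would see success until the certificate expires. Suggest `certbot renew && supervisorctl restart nginx`, quoting the test path as `"/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"`, and sending the two error messages to stderr with a non-zero exit.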
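Review bot: `$WEBROOT`, `$DOMAIN` and `$GIT_EMAIL` are expanded unquoted on the `certbot certonly` line of scripts/letsencrypt-setup, and `${DOMAIN}` is pasted straight into the `sed` expression, so a value containing spaces, `/`, `&` or a newline changes the command line or what is written into the nginx config. The result of `certbot` is also never checked: on failure the SSL vhost is still linked and nginx is restarted against a certificate that does not exist. Validate `DOMAIN` as a plain hostname, quote the expansions and stop when certbot fails; `ln -sf` additionally lets the script be re-run without the link step erroring.

```shell
else
  # Reject anything that is not a plain hostname before it reaches sed.
  if ! [[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "Invalid \$DOMAIN" >&2
    exit 1
  fi
  certbot certonly --webroot -w "$WEBROOT" -d "$DOMAIN" --email "$GIT_EMAIL" --agree-tos || exit 1
  ln -sf /etc/nginx/sites-available/default-ssl.conf /etc/nginx/sites-enabled/
  # … unchanged: sed substitution of ##DOMAIN## and nginx restart …
fi
```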